The Biden administration continues to take steps to clean up America after four years of drowning in Trump's toxic waste dump, this time the White House is looking at new measures to protect badly compromised government computer networks
raided by Russia and China over the last several years, exposed last week by a major Microsoft vulnerability.
The White House is ramping up coordination with the private sector to address the ongoing fallout from a major breach of Microsoft software leaving thousands of American organizations vulnerable to hackers.
That includes for the first time including private companies in the meetings of an interagency taskforce dedicated to the incident, a senior administration official told reporters Friday.
“We still believe that public-private partnership is foundational in cybersecurity and we want to ensure we're taking every opportunity to include key private-sector participants early and directly in our remediation efforts,” a senior administration official said.
It's a major step towards transparency for the Biden administration, which is stressing strengthening relations between the private and public sector in the fallout from the Russian SolarWinds hacking campaign that infiltrated at least nine government agencies and about 100 companies.
The more recent Microsoft hack has added urgency to fixing those relations. Microsoft announced earlier this month a group of hackers tied to China exploited a vulnerability in its Microsoft Exchange product. Other cybercriminals have since swooped in to take advantage of servers that have not yet been updated to fix the vulnerability.
The situation escalated last week when Microsoft reported that hackers were targeting vulnerable servers with ransomware, a software loaded with a program allowing hackers to lock up computer systems and data for money. Vulnerable Microsoft users include hundreds of banks, health-care and government servers, researchers at the cybersecurity firm RiskIQ found. Pulling off a successful ransomware attack against any one of them could create major chaos.
A White House team is examining how to address concerns from the private sector over information-sharing with the government, the official said. Congress also is slated to roll out proposals regarding cybersecurity incident sharing in the coming weeks.
The Biden administration is weighing a number of potential solutions, including a ratings system for software, the official said. The grading system would be similar to that used by local health departments for restaurants. The idea of a cybersecurity rating has been pushed by Congress's bipartisan Cyberspace Solarium Commission as well as some industry groups.
The administration also is mulling a law such as the one introduced in Singapore requiring home devices to come with security labels.
Executive orders addressing the two ideas are forthcoming, the senior official said.
The administration is not considering granting the government additional authorities to surveil domestic Internet traffic for hackers. Some experts and lawmakers worry that the blind spot created by the limited authorities has created an easy way for international hackers to avoid detection by using U.S. networks. The Biden official said the government is not exploring any expansion of domestic surveillance to make it easier for U.S. intelligence to monitor domestic traffic for hackers, a proposal that probably would spark an outcry from privacy advocates and in Congress.
Translation: even after years of being hacked by China and Russia, Republicans will not allow new cybersecurity legislation, even if several Dems weren't against it over civil liberties issues. It's going to have to come from President Biden's executive order pen.
Still, Trump patently refused to do anything about these vulnerabilities, going so far as to fire the White house cybersecurity czar and eliminate the office, leaving the door wide open for Russia and China to reap devastating intelligence on US operations and corporations.
President Biden has a lot of work to do, but at least we're rolling up our sleeves.